m2mb API docs  25.30.004.0
m2mb API sets documentation
m2mb_secure_ms_extend.h File Reference

Secure Microservice Support.

Typedefs

typedef struct M2MB_SECURE_MS_BUFFER_S * M2MB_SECURE_MS_BUFFER
 Opaque Handle used for the m2mb_secure_ms_crypto_buffer_* calls.
 

Enumerations

enum  M2MB_SECURE_MS_IMPORT_TYPE_E {
  M2MB_SECURE_MS_IMPORT_PsK, M2MB_SECURE_MS_IMPORT_PuK, M2MB_SECURE_MS_IMPORT_PrK, M2MB_SECURE_MS_IMPORT_ECC_DP_P,
  M2MB_SECURE_MS_IMPORT_ECC_DP_A, M2MB_SECURE_MS_IMPORT_ECC_DP_B, M2MB_SECURE_MS_IMPORT_ECC_DP_G_XY, M2MB_SECURE_MS_IMPORT_ECC_DP_G_X,
  M2MB_SECURE_MS_IMPORT_ECC_DP_G_Y, M2MB_SECURE_MS_IMPORT_ECC_DP_N, M2MB_SECURE_MS_IMPORT_ECC_DP_H
}
 Enumeration representing the type of the parameter that is going to be imported from the secure storage into the given context.
 

Functions

M2MB_RESULT_E m2mb_secure_ms_crypto_alloc (UINT16 size, M2MB_SECURE_MS_BUFFER *bfr)
 Allocates TEE buffer.

M2MB_RESULT_E m2mb_secure_ms_crypto_add_data (UINT8 *data, UINT32 length, M2MB_SECURE_MS_BUFFER bfr, UINT32 out_offset)
 Adds the provided data to the TEE buffer.

M2MB_RESULT_E m2mb_secure_ms_crypto_add_key (UINT8 *key_blob, UINT32 length, M2MB_SECURE_MS_BUFFER bfr, UINT32 out_offset)
 Adds the key (as key_blob) to the TEE buffer.

M2MB_RESULT_E m2mb_secure_ms_crypto_add_item (M2MB_SECURE_MS_HANDLE handle, M2MB_SECURE_MS_BUFFER bfr, UINT32 out_offset)
 Adds the secured item data to the TEE buffer.

M2MB_RESULT_E m2mb_secure_ms_crypto_md (M2MB_CRYPTO_MD_ALG_E md_info, M2MB_SECURE_MS_BUFFER in_bfr, UINT32 in_offset, UINT32 length, M2MB_SECURE_MS_BUFFER out_bfr, UINT32 out_offset)
 Performs a MD operation on (part of) the TEE buffers.

M2MB_RESULT_E m2mb_secure_ms_crypto_final (M2MB_CRYPTO_GEN_CONTEXT ctx, M2MB_SECURE_MS_BUFFER out_bfr, UINT32 out_offset)
 Performs the final operation and adds it to the TEE buffer.

M2MB_RESULT_E m2mb_secure_ms_crypto_encrypt (M2MB_SECURE_MS_BUFFER in_bfr, UINT32 in_offset, UINT32 length, M2MB_CRYPTO_GEN_CONTEXT ctx, UINT8 *ivec, M2MB_SECURE_MS_BUFFER out_bfr, UINT32 out_offset)
 Encrypts (part of) the data in the input TEE buffer into the output TEE buffer.

M2MB_RESULT_E m2mb_secure_ms_crypto_decrypt (M2MB_SECURE_MS_BUFFER in_bfr, UINT32 in_offset, UINT32 length, M2MB_CRYPTO_GEN_CONTEXT ctx, UINT8 *ivec, M2MB_SECURE_MS_BUFFER out_bfr, UINT32 out_offset)
 Decrypts (part of) the data in the input TEE buffer into the output TEE buffer.

M2MB_RESULT_E m2mb_secure_ms_crypto_xor (M2MB_SECURE_MS_BUFFER in_bfr, UINT32 in_offset, UINT32 length, M2MB_SECURE_MS_BUFFER out_bfr, UINT32 out_offset)
 Performs a XOR operation between (part of) the TEE buffers.

M2MB_RESULT_E m2mb_secure_ms_crypto_rotate (M2MB_SECURE_MS_BUFFER bfr, UINT32 num_of_bytes)
 Circular shift left of the data in the TEE buffer.

M2MB_RESULT_E m2mb_secure_ms_crypto_write (M2MB_SECURE_MS_BUFFER bfr, UINT32 in_offset, UINT32 length, M2MB_SECURE_MS_HANDLE handle)
 Writes (part of) the TEE buffer to the Secure Storage.

M2MB_RESULT_E m2mb_secure_ms_crypto_read (M2MB_SECURE_MS_BUFFER bfr, UINT32 offset, UINT32 max_len, UINT8 *data, UINT32 *act_len)
 Reads the TEE buffer from the Secure Storage.

M2MB_RESULT_E m2mb_secure_ms_crypto_find (M2MB_SECURE_MS_BUFFER bfr, char *str, UINT32 *offset)
 Searches for a string within a TEE buffer.

M2MB_RESULT_E m2mb_secure_ms_crypto_free (M2MB_SECURE_MS_BUFFER bfr)
 Free the TEE buffer.

M2MB_RESULT_E m2mb_secure_ms_crypto_import (M2MB_SECURE_MS_HANDLE handle, M2MB_CRYPTO_GEN_CONTEXT ctx, M2MB_SECURE_MS_IMPORT_TYPE_E type)
 Import a stored secured item (e.g. key, domain parameters), into a given context.

M2MB_SECURE_MS_ERRNO_E m2mb_secure_ms_crypto_errno (M2MB_SECURE_MS_BUFFER bfr)
 Return the last error obtained calling Secure MS Crypto functions.
 

Detailed Description

Secure Microservice Support.

m2m/m2m_common/m2mb_inc/m2mb_secure_ms_extend.h

Wrapper APIs for the CryptoLib (m2mb_crypto.h) that use data from the secure data storage. TEE is the Trusted Execution Environment region, protected by TrustZone.

Note
Dependencies: m2mb_types.h m2mb_crypto.h m2mb_secure_ms.h
Author
Ian Levine
Date
12/09/2017

Enumeration Type Documentation

◆ M2MB_SECURE_MS_IMPORT_TYPE_E

Enumeration representing the type of the parameter that is going to be imported from the secure storage into the given context.

Enumerator
M2MB_SECURE_MS_IMPORT_PsK 

Symmetric Key.

M2MB_SECURE_MS_IMPORT_PuK 

Public Key.

M2MB_SECURE_MS_IMPORT_PrK 

Private Key.

M2MB_SECURE_MS_IMPORT_ECC_DP_P 

Prime Number.

M2MB_SECURE_MS_IMPORT_ECC_DP_A 

"a" constant in the ECC equation.

M2MB_SECURE_MS_IMPORT_ECC_DP_B 

"b" constant in the ECC equation.

M2MB_SECURE_MS_IMPORT_ECC_DP_G_XY 

"x"|"y" coordinate of the base point.

M2MB_SECURE_MS_IMPORT_ECC_DP_G_X 

"x" coordinate of the base point.

M2MB_SECURE_MS_IMPORT_ECC_DP_G_Y 

"y" coordinate of the base point.

M2MB_SECURE_MS_IMPORT_ECC_DP_N 

order of the base point.

M2MB_SECURE_MS_IMPORT_ECC_DP_H 

Cofactor, must be <= 4 and preferably equals 1.

Function Documentation

◆ m2mb_secure_ms_crypto_add_data()

M2MB_RESULT_E m2mb_secure_ms_crypto_add_data ( UINT8 *  data,
UINT32  length,
M2MB_SECURE_MS_BUFFER  bfr,
UINT32  out_offset 
)

Adds the provided data to the TEE buffer.

Parameters
[in] data: Data to add.
[in] length: Data length.
[in] bfr: The TEE Buffer Handle.
[in] out_offset: The offset in the TEE Buffer Handle where the data is written.
Returns
M2MB_RESULT_SUCCESS in case of success
M2MB_RESULT_FAIL in case of fail
Note
The specific error can be retrieved using m2mb_secure_ms_crypto_errno().

Example

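#include "m2mb_types.h"
#include "m2mb_crypto.h"
#include "m2mb_secure_ms.h"
#include "m2mb_secure_ms_extend.h"

#define EXAMPLE_ITEM_ID 1  /* placeholder item id, choose the one your application uses */

int main()
{
  M2MB_RESULT_E ret;
  M2MB_SECURE_MS_HANDLE pHandle = NULL;
  M2MB_SECURE_MS_BUFFER Bfr = NULL;
  UINT32 size = 128;
  UINT8 tempBuff[128] = {0};                    /* encrypted input data */
  UINT8 IVec[M2MB_CRYPTO_AES_IV_SIZE] = { 0 };
  M2MB_CRYPTO_AES_CONTEXT SKeyCtx = NULL;

  /* Open the secure item that receives the result (the flag choice is an assumption). */
  ret = m2mb_secure_ms_open( &pHandle, M2MB_SYSTEM_FILE_ID, EXAMPLE_ITEM_ID, M2MB_SECURE_MS_CREATE );
  if( ret != M2MB_RESULT_SUCCESS ) return -1;

  ret = m2mb_crypto_aes_init( &SKeyCtx );       /* loading the key into SKeyCtx is not shown */
  if( ret == M2MB_RESULT_SUCCESS )
    ret = m2mb_secure_ms_crypto_alloc( (UINT16)size, &Bfr );
  if( ret == M2MB_RESULT_SUCCESS )
    ret = m2mb_secure_ms_crypto_add_data( tempBuff, size, Bfr, 0 );
  if( ret == M2MB_RESULT_SUCCESS )              /* decrypt in place inside the TEE buffer */
    ret = m2mb_secure_ms_crypto_decrypt( Bfr, 0, size, (M2MB_CRYPTO_GEN_CONTEXT)SKeyCtx, IVec, Bfr, 0 );
  if( ret == M2MB_RESULT_SUCCESS )              /* store the result only if every step succeeded */
    ret = m2mb_secure_ms_crypto_write( Bfr, 0, size, pHandle );

  if( Bfr != NULL ) m2mb_secure_ms_crypto_free( Bfr );
  m2mb_secure_ms_close( pHandle );
  return ( ret == M2MB_RESULT_SUCCESS ) ? 0 : -1;
}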

◆ m2mb_secure_ms_crypto_add_item()

M2MB_RESULT_E m2mb_secure_ms_crypto_add_item ( M2MB_SECURE_MS_HANDLE  handle,
M2MB_SECURE_MS_BUFFER  bfr,
UINT32  out_offset 
)

Adds the secured item data to the TEE buffer.

This function adds the secured item data to the TEE buffer.

Parameters
[in] handle: Secure data file handle.
[in] bfr: The TEE Buffer Handle.
[in] out_offset: The offset in the TEE Buffer Handle where the data from the item is written.
Returns
M2MB_RESULT_SUCCESS in case of success
M2MB_RESULT_FAIL in case of fail
Note
The TEE buffer inherits the properties of the item data: if the item data is trusted, the buffer remains trusted and cannot be read. The specific error can be retrieved using m2mb_secure_ms_crypto_errno().

◆ m2mb_secure_ms_crypto_add_key()

M2MB_RESULT_E m2mb_secure_ms_crypto_add_key ( UINT8 *  key_blob,
UINT32  length,
M2MB_SECURE_MS_BUFFER  bfr,
UINT32  out_offset 
)

Adds the key (as key_blob) to the TEE buffer.

Uses a dedicated TEE function to export the key from the key_blob and then adds the key to the TEE buffer. The key can be used inside the TEE.

Parameters
[in] key_blob: A key_blob, either exported by the m2mb_crypto_*_keyblob_export function or created using m2mb_crypto_ecdh_shared_key_derive.
[in] length: key_blob length.
[in] bfr: The TEE Buffer Handle.
[in] out_offset: The offset in the TEE Buffer Handle where the data is written.
Returns
M2MB_RESULT_SUCCESS in case of success
M2MB_RESULT_FAIL in case of fail
Note
The specific error can be retrieved using m2mb_secure_ms_crypto_errno().

◆ m2mb_secure_ms_crypto_alloc()

M2MB_RESULT_E m2mb_secure_ms_crypto_alloc ( UINT16  size,
M2MB_SECURE_MS_BUFFER *  bfr 
)

Allocates TEE buffer.

This function allocates a TEE buffer to be later used by m2mb_secure_ms_crypto_buffer_* functions. The buffer is zero initialized.

Parameters
[in] size: Buffer size (in bytes) to allocate.
[out] bfr: Pointer to a handle to be allocated by this function.
Returns
M2MB_RESULT_SUCCESS in case of success
M2MB_RESULT_FAIL in case of fail
Note
The specific error can be retrieved using m2mb_secure_ms_crypto_errno().

Example

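#include "m2mb_types.h"
#include "m2mb_crypto.h"
#include "m2mb_secure_ms.h"
#include "m2mb_secure_ms_extend.h"

#define EXAMPLE_ITEM_ID 1  /* placeholder item id, choose the one your application uses */

int main()
{
  M2MB_RESULT_E ret;
  M2MB_SECURE_MS_HANDLE pHandle = NULL;
  M2MB_SECURE_MS_BUFFER Bfr = NULL;
  UINT32 size = 128;
  UINT8 tempBuff[128] = {0};                    /* encrypted input data */
  UINT8 IVec[M2MB_CRYPTO_AES_IV_SIZE] = { 0 };
  M2MB_CRYPTO_AES_CONTEXT SKeyCtx = NULL;

  /* Open the secure item that receives the result (the flag choice is an assumption). */
  ret = m2mb_secure_ms_open( &pHandle, M2MB_SYSTEM_FILE_ID, EXAMPLE_ITEM_ID, M2MB_SECURE_MS_CREATE );
  if( ret != M2MB_RESULT_SUCCESS ) return -1;

  ret = m2mb_crypto_aes_init( &SKeyCtx );       /* loading the key into SKeyCtx is not shown */
  if( ret == M2MB_RESULT_SUCCESS )
    ret = m2mb_secure_ms_crypto_alloc( (UINT16)size, &Bfr );
  if( ret == M2MB_RESULT_SUCCESS )
    ret = m2mb_secure_ms_crypto_add_data( tempBuff, size, Bfr, 0 );
  if( ret == M2MB_RESULT_SUCCESS )              /* decrypt in place inside the TEE buffer */
    ret = m2mb_secure_ms_crypto_decrypt( Bfr, 0, size, (M2MB_CRYPTO_GEN_CONTEXT)SKeyCtx, IVec, Bfr, 0 );
  if( ret == M2MB_RESULT_SUCCESS )              /* store the result only if every step succeeded */
    ret = m2mb_secure_ms_crypto_write( Bfr, 0, size, pHandle );

  if( Bfr != NULL ) m2mb_secure_ms_crypto_free( Bfr );
  m2mb_secure_ms_close( pHandle );
  return ( ret == M2MB_RESULT_SUCCESS ) ? 0 : -1;
}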

◆ m2mb_secure_ms_crypto_decrypt()

M2MB_RESULT_E m2mb_secure_ms_crypto_decrypt ( M2MB_SECURE_MS_BUFFER  in_bfr,
UINT32  in_offset,
UINT32  length,
M2MB_CRYPTO_GEN_CONTEXT  ctx,
UINT8 *  ivec,
M2MB_SECURE_MS_BUFFER  out_bfr,
UINT32  out_offset 
)

Decrypts (part of) the data in the input TEE buffer into the output TEE buffer.

Parameters
[in] in_bfr: The TEE input Buffer Handle.
[in] in_offset: Offset (in bytes) in the input buffer.
[in] length: Length (in bytes) of the data to decrypt.
[in] ctx: A context previously initialized by m2mb_crypto_aes_init() or m2mb_crypto_des_init().
[in] ivec: Initialization vector.
[in] out_bfr: The TEE output Buffer Handle.
[in] out_offset: Offset (in bytes) in the output buffer.
Returns
M2MB_RESULT_SUCCESS in case of success
M2MB_RESULT_FAIL in case of fail
Note
The specific error can be retrieved using m2mb_secure_ms_crypto_errno().

Example

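#include "m2mb_types.h"
#include "m2mb_crypto.h"
#include "m2mb_secure_ms.h"
#include "m2mb_secure_ms_extend.h"

#define EXAMPLE_ITEM_ID 1  /* placeholder item id, choose the one your application uses */

int main()
{
  M2MB_RESULT_E ret;
  M2MB_SECURE_MS_HANDLE pHandle = NULL;
  M2MB_SECURE_MS_BUFFER Bfr = NULL;
  UINT32 size = 128;
  UINT8 tempBuff[128] = {0};                    /* encrypted input data */
  UINT8 IVec[M2MB_CRYPTO_AES_IV_SIZE] = { 0 };
  M2MB_CRYPTO_AES_CONTEXT SKeyCtx = NULL;

  /* Open the secure item that receives the result (the flag choice is an assumption). */
  ret = m2mb_secure_ms_open( &pHandle, M2MB_SYSTEM_FILE_ID, EXAMPLE_ITEM_ID, M2MB_SECURE_MS_CREATE );
  if( ret != M2MB_RESULT_SUCCESS ) return -1;

  ret = m2mb_crypto_aes_init( &SKeyCtx );       /* loading the key into SKeyCtx is not shown */
  if( ret == M2MB_RESULT_SUCCESS )
    ret = m2mb_secure_ms_crypto_alloc( (UINT16)size, &Bfr );
  if( ret == M2MB_RESULT_SUCCESS )
    ret = m2mb_secure_ms_crypto_add_data( tempBuff, size, Bfr, 0 );
  if( ret == M2MB_RESULT_SUCCESS )              /* decrypt in place inside the TEE buffer */
    ret = m2mb_secure_ms_crypto_decrypt( Bfr, 0, size, (M2MB_CRYPTO_GEN_CONTEXT)SKeyCtx, IVec, Bfr, 0 );
  if( ret == M2MB_RESULT_SUCCESS )              /* store the result only if every step succeeded */
    ret = m2mb_secure_ms_crypto_write( Bfr, 0, size, pHandle );

  if( Bfr != NULL ) m2mb_secure_ms_crypto_free( Bfr );
  m2mb_secure_ms_close( pHandle );
  return ( ret == M2MB_RESULT_SUCCESS ) ? 0 : -1;
}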

◆ m2mb_secure_ms_crypto_encrypt()

M2MB_RESULT_E m2mb_secure_ms_crypto_encrypt ( M2MB_SECURE_MS_BUFFER  in_bfr,
UINT32  in_offset,
UINT32  length,
M2MB_CRYPTO_GEN_CONTEXT  ctx,
UINT8 *  ivec,
M2MB_SECURE_MS_BUFFER  out_bfr,
UINT32  out_offset 
)

Encrypts (part of) the data in the input TEE buffer into the output TEE buffer.

Parameters
[in] in_bfr: The TEE input Buffer Handle.
[in] in_offset: Offset (in bytes) in the input buffer.
[in] length: Length (in bytes) of the data to encrypt.
[in] ctx: A context previously initialized by m2mb_crypto_aes_init() or m2mb_crypto_des_init().
[in] ivec: Initialization vector.
[in] out_bfr: The TEE output Buffer Handle.
[in] out_offset: Offset (in bytes) in the output buffer.
Returns
M2MB_RESULT_SUCCESS in case of success
M2MB_RESULT_FAIL in case of fail
Note
The specific error can be retrieved using m2mb_secure_ms_crypto_errno().

◆ m2mb_secure_ms_crypto_errno()

M2MB_SECURE_MS_ERRNO_E m2mb_secure_ms_crypto_errno ( M2MB_SECURE_MS_BUFFER  bfr)

Return the last error obtained calling Secure MS Crypto functions.

This function returns the last specific error number.

Parameters
[in] bfr: The TEE Buffer Handle. If NULL is provided, it returns the internal error, if any, that is not associated with a buffer.
Returns
The error code of the last operation.

◆ m2mb_secure_ms_crypto_final()

M2MB_RESULT_E m2mb_secure_ms_crypto_final ( M2MB_CRYPTO_GEN_CONTEXT  ctx,
M2MB_SECURE_MS_BUFFER  out_bfr,
UINT32  out_offset 
)

Performs the final operation and adds it to the TEE buffer.

This function performs the MD/CMAC/HMAC final operation and adds the result to the TEE buffer.

Parameters
[in] ctx: A context previously initialized by m2mb_crypto_*_init().
[in] out_bfr: The TEE Buffer Handle.
[in] out_offset: Offset (in bytes) in the TEE buffer.
Returns
M2MB_RESULT_SUCCESS in case of success
M2MB_RESULT_FAIL in case of fail
Note
The specific error can be retrieved using m2mb_secure_ms_crypto_errno().

◆ m2mb_secure_ms_crypto_find()

M2MB_RESULT_E m2mb_secure_ms_crypto_find ( M2MB_SECURE_MS_BUFFER  bfr,
char *  str,
UINT32 *  offset 
)

Searches for a string within a TEE buffer.

This function searches for a string within a TEE buffer. This is useful for decoding an *.INI file or an XML file.

Parameters
[in] bfr: The TEE Buffer Handle.
[in] str: String to search for.
[in,out] offset: In - Offset from where to start the search. Out - Offset of the string in the buffer (0 if not found).
Returns
M2MB_RESULT_SUCCESS in case of success
M2MB_RESULT_FAIL in case of fail
Note
The specific error can be retrieved using m2mb_secure_ms_crypto_errno().

Example

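#include <string.h>

int main()
{
  INT32 fd;
  INT32 rc = -1;
  UINT32 size;
  void *p = NULL;
  char str[80];
  UINT32 offset = 0;
  M2MB_SECURE_MS_BUFFER bfr = NULL;

  fd = m2mb_fs_open("Test.txt", M2MB_O_RDONLY);
  if (fd < 0) return -1;
  size = m2mb_fs_lseek(fd, 0, M2MB_SEEK_END);
  m2mb_fs_lseek(fd, 0, M2MB_SEEK_SET);
  /* m2mb_secure_ms_crypto_alloc() takes a UINT16 size: reject an empty or
     larger file (or a failed lseek) instead of silently truncating. */
  if (size == 0 || size > 0xFFFF) goto done;
  p = m2mb_os_malloc(size);
  if (!p) goto done;
  if ((INT32)size > m2mb_fs_read(fd, p, size)) goto done;
  if (M2MB_RESULT_SUCCESS != m2mb_secure_ms_crypto_alloc((UINT16)size, &bfr)) goto done;
  if (M2MB_RESULT_SUCCESS != m2mb_secure_ms_crypto_add_data((UINT8 *)p, size, bfr, 0)) goto done;
  strcpy( str, "test" );
  /* On success, offset holds the position of "test" in the TEE buffer. */
  if (M2MB_RESULT_SUCCESS == m2mb_secure_ms_crypto_find(bfr, str, &offset)) rc = 0;
done:
  /* Release the TEE buffer, the heap copy and the file on every path. */
  if (bfr) m2mb_secure_ms_crypto_free(bfr);
  if (p) m2mb_os_free(p);
  m2mb_fs_close(fd);
  return rc;
}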

◆ m2mb_secure_ms_crypto_free()

M2MB_RESULT_E m2mb_secure_ms_crypto_free ( M2MB_SECURE_MS_BUFFER  bfr)

Free the TEE buffer.

This function deallocates the TEE buffer.

Parameters
[in] bfr: The TEE Buffer Handle.
Returns
M2MB_RESULT_SUCCESS in case of success
M2MB_RESULT_FAIL in case of fail
Note
The specific error can be retrieved using m2mb_secure_ms_crypto_errno().

Example

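#include "m2mb_types.h"
#include "m2mb_crypto.h"
#include "m2mb_secure_ms.h"
#include "m2mb_secure_ms_extend.h"

#define EXAMPLE_ITEM_ID 1  /* placeholder item id, choose the one your application uses */

int main()
{
  M2MB_RESULT_E ret;
  M2MB_SECURE_MS_HANDLE pHandle = NULL;
  M2MB_SECURE_MS_BUFFER Bfr = NULL;
  UINT32 size = 128;
  UINT8 tempBuff[128] = {0};                    /* encrypted input data */
  UINT8 IVec[M2MB_CRYPTO_AES_IV_SIZE] = { 0 };
  M2MB_CRYPTO_AES_CONTEXT SKeyCtx = NULL;

  /* Open the secure item that receives the result (the flag choice is an assumption). */
  ret = m2mb_secure_ms_open( &pHandle, M2MB_SYSTEM_FILE_ID, EXAMPLE_ITEM_ID, M2MB_SECURE_MS_CREATE );
  if( ret != M2MB_RESULT_SUCCESS ) return -1;

  ret = m2mb_crypto_aes_init( &SKeyCtx );       /* loading the key into SKeyCtx is not shown */
  if( ret == M2MB_RESULT_SUCCESS )
    ret = m2mb_secure_ms_crypto_alloc( (UINT16)size, &Bfr );
  if( ret == M2MB_RESULT_SUCCESS )
    ret = m2mb_secure_ms_crypto_add_data( tempBuff, size, Bfr, 0 );
  if( ret == M2MB_RESULT_SUCCESS )              /* decrypt in place inside the TEE buffer */
    ret = m2mb_secure_ms_crypto_decrypt( Bfr, 0, size, (M2MB_CRYPTO_GEN_CONTEXT)SKeyCtx, IVec, Bfr, 0 );
  if( ret == M2MB_RESULT_SUCCESS )              /* store the result only if every step succeeded */
    ret = m2mb_secure_ms_crypto_write( Bfr, 0, size, pHandle );

  if( Bfr != NULL ) m2mb_secure_ms_crypto_free( Bfr );
  m2mb_secure_ms_close( pHandle );
  return ( ret == M2MB_RESULT_SUCCESS ) ? 0 : -1;
}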

◆ m2mb_secure_ms_crypto_import()

M2MB_RESULT_E m2mb_secure_ms_crypto_import ( M2MB_SECURE_MS_HANDLE  handle,
M2MB_CRYPTO_GEN_CONTEXT  ctx,
M2MB_SECURE_MS_IMPORT_TYPE_E  type 
)

Import a stored secured item (e.g. key, domain parameters), into a given context.

This function is a complementary function for the m2mb_crypto_* functions. It imports a stored secured item identified by its handle (e.g. key, domain parameters) to a given context.

Parameters
[in] handle: Secure data file handle (stored secure item).
[in] ctx: A context previously initialized by m2mb_crypto_*_init().
[in] type: The type of the item to import (M2MB_SECURE_MS_IMPORT_TYPE_E).
Returns
M2MB_RESULT_SUCCESS in case of success
M2MB_RESULT_FAIL in case of fail
Note
The specific error can be retrieved using m2mb_secure_ms_errno().

Example

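int main()
{
  M2MB_RESULT_E ret = M2MB_RESULT_SUCCESS;
  M2MB_SECURE_MS_HANDLE pHandle = NULL;
  M2MB_CRYPTO_AES_CONTEXT aesCtx = NULL;

  ret = m2mb_crypto_aes_init( &aesCtx );
  if ( ret == M2MB_RESULT_SUCCESS )
  {
    /* Open the stored key item; item id 1 and the READ flag are placeholders. */
    ret = m2mb_secure_ms_open( &pHandle, M2MB_SYSTEM_FILE_ID, 1, M2MB_SECURE_MS_READ );
    if( ret == M2MB_RESULT_SUCCESS )
    {
      /* Import the stored symmetric key into the AES context. */
      ret = m2mb_secure_ms_crypto_import( pHandle, (M2MB_CRYPTO_GEN_CONTEXT)aesCtx, M2MB_SECURE_MS_IMPORT_PsK );
      m2mb_secure_ms_close( pHandle );
    }
  }
  return ( ret == M2MB_RESULT_SUCCESS ) ? 0 : -1;
}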

◆ m2mb_secure_ms_crypto_md()

M2MB_RESULT_E m2mb_secure_ms_crypto_md ( M2MB_CRYPTO_MD_ALG_E  md_info,
M2MB_SECURE_MS_BUFFER  in_bfr,
UINT32  in_offset,
UINT32  length,
M2MB_SECURE_MS_BUFFER  out_bfr,
UINT32  out_offset 
)

Performs a MD operation on (part of) the TEE buffers.

This function performs a Message Digest operation on (part of) the TEE input buffer and stores the MD result in the output buffer.

Parameters
[in] md_info: The message digest method to use.
[in] in_bfr: The TEE 1st Buffer Handle.
[in] in_offset: Offset (in bytes) in the 1st buffer.
[in] length: Length (in bytes) of the data to be digested.
[in,out] out_bfr: The TEE 2nd Buffer Handle. For the XOR operation this is input and output, for all the rest only output.
[in] out_offset: Offset (in bytes) in the 2nd buffer.
Returns
M2MB_RESULT_SUCCESS in case of success
M2MB_RESULT_FAIL in case of fail
Note
The specific error can be retrieved using m2mb_secure_ms_crypto_errno().

◆ m2mb_secure_ms_crypto_read()

M2MB_RESULT_E m2mb_secure_ms_crypto_read ( M2MB_SECURE_MS_BUFFER  bfr,
UINT32  offset,
UINT32  max_len,
UINT8 *  data,
UINT32 *  act_len 
)

Reads the TEE buffer from the Secure Storage.

This function reads the TEE buffer from the Secure Storage. Note that the Trusted Data was zeroed by the Write function.

Parameters
[in] bfr: The TEE Buffer Handle.
[in] offset: Offset in the buffer.
[in] max_len: The maximum number of bytes to read.
[out] data: Returned data. If NULL, "act_len" will return the buffer size.
[out] act_len: The actual number of bytes returned.
Returns
M2MB_RESULT_SUCCESS in case of success
M2MB_RESULT_FAIL in case of fail
Note
The specific error can be retrieved using m2mb_secure_ms_crypto_errno(). The TEE buffer inherits the properties of the item data if that data has been added to the buffer. E.g. trusted data remains trusted even when using m2mb_secure_ms_crypto_read(), so trusted data can never be read.

◆ m2mb_secure_ms_crypto_rotate()

M2MB_RESULT_E m2mb_secure_ms_crypto_rotate ( M2MB_SECURE_MS_BUFFER  bfr,
UINT32  num_of_bytes 
)

Circular shift left of the data in the TEE buffer.

This function performs a left circular shift of the data in the TEE buffer. The direction is defined on the data viewed as a string (byte array); viewed as a hex value, the same rotation is a right rotation. For example, "help" rotated by 1 byte is "elph" as a string. As an array this is array[0]='h', array[1]='e', array[2]='l', array[3]='p', so the hex representation is 0x 'p' 'l' 'e' 'h' => 0x706C6568. The rotation is to the right on the hex value: 0x 'p' 'l' 'e' 'h' >> 8 bit => 0x 'h' 'p' 'l' 'e' => 0x68706C65, which is "elph", as expected for the string. A left rotation on the hex value instead, 0x 'p' 'l' 'e' 'h' << 8 bit, is 0x 'l' 'e' 'h' 'p', so the string "help" would become "phel", which is considered a right rotation for the string.

Parameters
[in] bfr: The TEE Buffer Handle.
[in] num_of_bytes: The number of bytes for the left circular shift.
Returns
M2MB_RESULT_SUCCESS in case of success
M2MB_RESULT_FAIL in case of fail
Note
The specific error can be retrieved using m2mb_secure_ms_crypto_errno().
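
The string-versus-hex direction described for m2mb_secure_ms_crypto_rotate() can be checked on a host with the following added example, which is not part of the m2mb documentation and does not call the TEE. The helper names (rotate_left_bytes, load_le32, rotr32) are hypothetical, and wrapping shifts larger than the buffer length is an assumption of this model, not a documented property of the API.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Reverse buf[lo..hi] in place (inclusive bounds). */
static void reverse_range(uint8_t *buf, size_t lo, size_t hi)
{
    while (lo < hi) {
        uint8_t t = buf[lo];
        buf[lo++] = buf[hi];
        buf[hi--] = t;
    }
}

/* Host-side model of a left circular shift of a byte buffer by
 * num_of_bytes, i.e. the string-wise rotation ("help" -> "elph"). */
static int rotate_left_bytes(uint8_t *buf, size_t len, size_t num_of_bytes)
{
    if (buf == NULL || len == 0)
        return -1;
    size_t k = num_of_bytes % len;   /* assumption: shifts wrap modulo len */
    if (k == 0)
        return 0;
    /* Three reversals rotate in place without a temporary buffer. */
    reverse_range(buf, 0, k - 1);
    reverse_range(buf, k, len - 1);
    reverse_range(buf, 0, len - 1);
    return 0;
}

/* View four bytes as the hex value used in the text:
 * array[0] is the least significant byte. */
static uint32_t load_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Right rotation of a 32-bit value by a number of bits. */
static uint32_t rotr32(uint32_t v, unsigned bits)
{
    bits &= 31u;
    return bits ? (v >> bits) | (v << (32u - bits)) : v;
}

int main(void)
{
    uint8_t buf[4] = { 'h', 'e', 'l', 'p' };
    uint32_t before = load_le32(buf);

    rotate_left_bytes(buf, sizeof buf, 1);
    uint32_t after = load_le32(buf);

    /* Left by one byte on the string equals right by 8 bits on the value. */
    printf("string: %.4s\n", (const char *)buf);
    printf("hex before: 0x%08X, after: 0x%08X, rotr32(before, 8): 0x%08X\n",
           (unsigned)before, (unsigned)after, (unsigned)rotr32(before, 8));
    return 0;
}
```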

◆ m2mb_secure_ms_crypto_write()

M2MB_RESULT_E m2mb_secure_ms_crypto_write ( M2MB_SECURE_MS_BUFFER  bfr,
UINT32  in_offset,
UINT32  length,
M2MB_SECURE_MS_HANDLE  handle 
)

Writes (part of) the TEE buffer to the Secure Storage.

This function writes (part of) the TEE buffer to the Secure Storage. Data that is written is zeroed.

Parameters
[in] bfr: The TEE Buffer Handle.
[in] in_offset: Offset (in bytes) in the buffer of the relevant data.
[in] length: Length (in bytes) of the relevant data.
[in] handle: Secure data file handle.
Returns
M2MB_RESULT_SUCCESS in case of success
M2MB_RESULT_FAIL in case of fail
Note
The specific error can be retrieved using m2mb_secure_ms_crypto_errno().

Example

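#include "m2mb_types.h"
#include "m2mb_crypto.h"
#include "m2mb_secure_ms.h"
#include "m2mb_secure_ms_extend.h"

#define EXAMPLE_ITEM_ID 1  /* placeholder item id, choose the one your application uses */

int main()
{
  M2MB_RESULT_E ret;
  M2MB_SECURE_MS_HANDLE pHandle = NULL;
  M2MB_SECURE_MS_BUFFER Bfr = NULL;
  UINT32 size = 128;
  UINT8 tempBuff[128] = {0};                    /* encrypted input data */
  UINT8 IVec[M2MB_CRYPTO_AES_IV_SIZE] = { 0 };
  M2MB_CRYPTO_AES_CONTEXT SKeyCtx = NULL;

  /* Open the secure item that receives the result (the flag choice is an assumption). */
  ret = m2mb_secure_ms_open( &pHandle, M2MB_SYSTEM_FILE_ID, EXAMPLE_ITEM_ID, M2MB_SECURE_MS_CREATE );
  if( ret != M2MB_RESULT_SUCCESS ) return -1;

  ret = m2mb_crypto_aes_init( &SKeyCtx );       /* loading the key into SKeyCtx is not shown */
  if( ret == M2MB_RESULT_SUCCESS )
    ret = m2mb_secure_ms_crypto_alloc( (UINT16)size, &Bfr );
  if( ret == M2MB_RESULT_SUCCESS )
    ret = m2mb_secure_ms_crypto_add_data( tempBuff, size, Bfr, 0 );
  if( ret == M2MB_RESULT_SUCCESS )              /* decrypt in place inside the TEE buffer */
    ret = m2mb_secure_ms_crypto_decrypt( Bfr, 0, size, (M2MB_CRYPTO_GEN_CONTEXT)SKeyCtx, IVec, Bfr, 0 );
  if( ret == M2MB_RESULT_SUCCESS )              /* store the result only if every step succeeded */
    ret = m2mb_secure_ms_crypto_write( Bfr, 0, size, pHandle );

  if( Bfr != NULL ) m2mb_secure_ms_crypto_free( Bfr );
  m2mb_secure_ms_close( pHandle );
  return ( ret == M2MB_RESULT_SUCCESS ) ? 0 : -1;
}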

◆ m2mb_secure_ms_crypto_xor()

M2MB_RESULT_E m2mb_secure_ms_crypto_xor ( M2MB_SECURE_MS_BUFFER  in_bfr,
UINT32  in_offset,
UINT32  length,
M2MB_SECURE_MS_BUFFER  out_bfr,
UINT32  out_offset 
)

Performs a XOR operation between (part of) the TEE buffers.

This function performs a XOR operation between (part of) the TEE buffers.

Parameters
[in] in_bfr: The TEE 1st Buffer Handle.
[in] in_offset: Offset (in bytes) in the 1st buffer.
[in] length: Length (in bytes) to XOR.
[in] out_bfr: The TEE 2nd Buffer Handle.
[in] out_offset: Offset (in bytes) in the 2nd buffer.
Returns
M2MB_RESULT_SUCCESS in case of success
M2MB_RESULT_FAIL in case of fail
Note
The specific error can be retrieved using m2mb_secure_ms_crypto_errno().
